[ckastner]

> while it is claimed at the same time that they can be replicated by a "thief", which necessarily implies that they don't identify Alice, and hence are not an identity, therefore tautological impossibility.

Attributes can be replicated -> attributes don't identify Alice

Why do you consider this implication necessary? It sounds nonsensical.

Counterexample: to verify an identity, the verifier must possess a replication the identifying attributes. If replication implies non-identity, then identity verification becomes impossible.

Note that we're speaking of identity in the context of a technical implementation.

[zAy0LfpBZLC8mAC]

> Why do you consider this implication necessary? It sounds nonsensical.

Because it is implied by the definition that is implied by the concept of "identity theft".

Let's assume we define "identity" to mean "any set of attributes of Alice", so widening it essentially as far as possible. Then "is a human", being an attribute of Alice, would become an identity of Alice. Using that definition in the context of identity theft would then lead to the following sort of justification: Alice is responsible for paying back this loan because the person that we gave this loan to was a human and we identified Alice by her attribute of being a human to be the person we gave this loan to.

That doesn't make much sense, does it?

The whole justification for calling it identity theft, and thus blaming the identified person, hinges on the implication that whatever attributes are being used to "identify" Alice do imply that it is in fact uniquely Alice who has those attributes. It only logically works if you can say "those attributes are the attributes of the person that we made the contract with, and they are unique to Alice, therefore Alice is the person we made the contract with", not if your claim is "those attributes are the attributes of the person that we made the contract with, which are shared by a whole bunch of people, therefore Alice is the person we made the contract with".

> Counterexample: to verify an identity, the verifier must have replicated the identifying attributes. If replication implies non-identity, then identity verification becomes impossible.

Erm ... no? Just two obvious examples:

In order to check that you are the person on a picture I have of you, all I need is the picture, no need to have a replica of you.

In order to check that you are in the possession of a private key, all I need is the corresponding public key, not the private key.

Also, if it were the case that identity verification were in fact impossible ... what would be your point then? You don't like the (hypothetical) fact that it is impossible, therefore it is possible?

> Note that we're speaking of identity in the context of a technical implementation.

Actually, we kindof don't. We are really talking about a legal implementation, where there really is no requirement to do anything as a "technical implementation"!?

[ckastner]

The original parent posited that we have multiple identities, as in: multiple sets of attributes, each of which uniquely identify us within a certain context.

> Let's assume we define "identity" to mean "any set of attributes of Alice", so widening it essentially as far as possible. Then "is a human", being an attribute of Alice, would become an identity of Alice.

> That doesn't make much sense, does it?

If Alice is the last surviving human being in the universe, it does.

If Alice isn't the last surviving human being in the universe, than the premise of "is a human" as an identity is already nonsensical (because it no longer identifies), hence also any conclusions you derive from that premise are also nonsensical.

> In order to check that you are the person on a picture I have of you, all I need is the picture, no need to have a replica of you.

You haven't checked that it's me, you've checked that it is someone who looks like me.

Within any given context, that may or may not be treated as my identity. Hence, we're back at multiple identities, each in their own context.

> In order to check that you are in the possession of a private key, all I need is the corresponding public key, not the private key.

Which says nothing about identity, only about possession. Whether this possession is taken to be sufficient proof of identity again depends on the context.

> Also, if it were the case that identity verification were in fact impossible ... what would be your point then? You don't like the (hypothetical) fact that it is impossible, therefore it is possible?

Do you believe this hypothetical example to be true? If not, what's your point?

[zAy0LfpBZLC8mAC]

> The original parent posited that we have multiple identities, as in: multiple sets of attributes, each of which uniquely identify us within a certain context.

In which case it's just not a refutation of the tautological impossibility at all. Either something uniquely identifies someone, or it does not. Uniquely identifying someone while at the same time being (trivially) being replicated by somebody else is just a contradiction.

> If Alice is the last surviving human being in the universe, it does.

Seriously?

> If Alice isn't the last surviving human being in the universe, than the premise of "is a human" as an identity is already nonsensical (because it no longer identifies), hence also any conclusions you derive from that premise are also nonsensical.

Which is exactly why "was able to tell us the DoB of Alice" as an identity is nonsensical, and hence any conclusion of the form "therefore, Alice's identity was stolen" is nonsensical as well, correct.

> You haven't checked that it's me, you've checked that it is someone who looks like me.

Which contradicts the claim that the verifier does not need a replica of you how exactly?

> Within any given context, that may or may not be treated as my identity. Hence, we're back at multiple identities, each in their own context.

Which still cannot be stolen. So?

> Which says nothing about identity, only about possession. Whether this possession is taken to be sufficient proof of identity again depends on the context.

Which contradicts the claim that the verifier in a context where it is taken to be sufficient proof of identity does not need the private key how exactly?

> Do you believe this hypothetical example to be true? If not, what's your point?

My point is that I am responding to your argument that was about an implication from that hypothetical case.

[tripzilch]

> Let's assume we define "identity" to mean

... seriously, just stop.